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Realtek RtsUpx USB utility driver Vulnerability 
(CVE-2021-36922/CVE-2021-36923/CVE-2021-36924/CVE-2021-36925) 


Release Date 


2021/11/01 È 

Affected Projects NY, 

Realtek RtsUpx BOS r for Camera/Hub/Audio 
Affecte io 

RtsUpx: .14.0.0 and below 


CVE ID 
CVE-2021-36922 
CVE-2021-36923 


CVE-2021-36924 LO 
CVE-2021-36925 CON 


Description 


The following security issues was found in IOCY estprovyided by RtsUpx driver: 
1. Input data from user mode is not properly validateđñand could lead to a system crash. 
2. Vulnerable to TOCTOU attack which may cause pool overflow. 

3. Unauthorised access to arbitrary USB devices. 


4. Access to arbitrary IN/OUT or physical memory from a non-administrator user. 


Vulnerability Type 
System Crash 


Gain Privileges 
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Attack Type 


Local 


Security Risk 
High 


Patch 
RtsUpx v2.0.0.0 
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